Another week down. Damn, a whole month is down! January is already in the books.
While I’ve got you here, help us out with our mission. We’re busting our tails off doing our part to fix the broken information security industry. We’re striving and doing these things:
- Setting a common information security language that can be spoken by everyone; the S2Score.
- Developing and delivering simple (but effective and credible) information security risk assessments for the under-served (SMBs, state and local government, K-12, etc.).
- Developing and delivering simple (but effective and credible) tools to help the under-served do information security better.
- Teaching and mentoring others for free. The FRSecure CISSP Mentor Program is in its 11th year! We started with six students in 2010, last year we had 532, and this year we had more than 540 enrollments within the first 24 hours! Check it out and enroll here.
What can you do to help? Simple. You can help in (at least) three ways:
- Do your own S2Org and S2Me assessments.
- Contribute your opinions and feedback (after all, we’re all in this together).
- Spread the word. Tell others. Tell them about the S2Org and S2Me assessments and tell them about the FREE FRSecure CISSP Mentor Program!
OK, on to the show…
February is already upon us, and RSA is just around the corner. Speaking of RSA, let’s talk about our industry’s money grab in this week’s episode. Let’s also discuss tips for talking to the board of directors about information security stuff.
This will be fun!
Alright, on to the show notes. This is my (Evan) show to lead and these (below) are my notes.
SHOW NOTES – Episode 65
Date: Monday, February 2nd, 2020
Our topics this week:
- Normal Stuff
- Got Mail?
- The Money Grab
  - It’s alive and well – everybody wants your $$$.
  - The Bad Guys Of Course
  - The “Good Guys” Too?
- Talking to the Board
  - Recent Experiences
[Evan] Alright, welcome! This is Evan Francen, this is episode 65 of the UNSECURITY Podcast, and the date is February 3rd, 2020. In studio with me is none other than Mr. Brad Nigh. Howdy Brad.
[Brad] We’ll see how awake he is on an early Monday morning.
[Evan] I’m curious, are you a morning person or a night person?
[Brad] I don’t know what he’ll say here…
[Evan] We’ve got a great show planned for you today. Lots to talk about, for sure! We’re going to talk about this industry’s money grab and we’ll cover some tips for speaking to the board of directors. Before we dig in, Brad, how you doing?
Quick Catch-up Talk
[Evan] Alright. Well, let’s get to it. Let’s talk about the money grab in this industry. In case you didn’t know, I’m referring to the information security industry. You have something that everybody wants. The bad guys, the good guys, and everyone in between. They all want your money. Collectively, I call this the “money grab” and we’re going to discuss this. I want to discuss this because I don’t want you losing your hard-earned money to some crook and I don’t want you to piss it away on something that doesn’t do what you thought.
Discussion about the Money Grab
The money grab is alive and well. Everybody wants your $$$. Everybody.
- The Bad Guys Of Course
  - The 2018 cybercrime industry was worth at least $1.5 trillion.
  - There is no low that’s too low.
    - Coronavirus Phishing Scams
    - The Denison Extortion
    - The human trafficking industry is worth over $150 billion – https://www.forbes.com/sites/carmenniethammer/2020/02/02/cracking-the-150-billion-business-of-human-trafficking/#7ad3b41427ab
- The “Good Guys” Too?
  - Gartner estimated that industry spending was $124 billion in 2019, and by some estimates it’s expected to grow to more than $170 billion by 2022. NOTE: this is for context only and not to imply that this is wasted spending.
  - FUD (scare the sh*t out of you) and Sex Sell (buzzwords, new blinky lights, etc.)
  - Seems like everybody is fighting for your money.
    - Conferences (RSA, Black Hat, etc.)
    - Companies (borderline extortion, crappy advice, etc.)
  - We’re (FRSecure and SecurityStudio) human too. Mission over money, does it keep us honest?
[Evan] It’s a dangerous world and people (non-information security people) are confused. I wonder how much of this is on purpose. The enterprise organizations can afford to make mistakes, but the smaller players are left in the cold and they’re suffering because they often miss the basics, the fundamentals. I feel bad for the under-served markets, especially SMBs. This is our primary focus. OK, on that note…
Discussion about talking to boards of directors and executive management
[Evan] Brad, you and I have had the privilege on many occasions to talk to boards and executives. What tips do we have?
Some good back and forth discussion I’m sure…
After a while, let’s do some news.
[Evan] I’ve only got two stories to discuss today, but I think they’re interesting ones:
- Hackers are hijacking smart building access systems to launch DDoS attacks – https://www.zdnet.com/article/hackers-are-hijacking-smart-building-access-systems-to-launch-ddos-attacks/
- Ashley Madison cyber-breach: 5 years later, users are being targeted with ‘sextortion’ scams – https://www.cnbc.com/2020/01/31/ashley-madison-breach-from-2015-being-used-in-sextortion-scams.html
[Evan] OK, that’s it. Episode 65 is in the bag. Brad, you’ve got any ideas for next week’s show yet?
[Brad] Maybe he does, maybe he doesn’t…
[Evan] Thank you to our listeners, we love hearing from you. If you’ve got something to say, email us at firstname.lastname@example.org. If you would rather do the whole social thing, we tweet sometimes. I’m @evanfrancen and Brad’s @BradNigh. If you like company stuff, we work for SecurityStudio (@studiosecurity) and FRSecure (@FRSecure). The company people post good things from time to time too!
That’s it. Talk to you all again next week!